Sharif Digital Repository

While data outsourcing provides some benefits, it suffers from new privacy and security concerns, mainly about the confidentiality and integrity of the stored sensitive data, as well as enforcing access control policies. Current solutions to these aims are not comprehensive and consider only one aspect of security requirements. A secure DBMS architecture is introduced that simultaneously considers confidentiality, integrity and access control enforcement requirements. The transparency of security functions from data owner, service providers, and applications facilitates the operationality of the solution.Additionally, a new indexing technique for character encrypted data is proposed that... 

large-scale data collection from multiple sources to a single entity, such as a cloud provider, poses a challenging problem for implementing centralized machine learning algorithms. Constraints such as privacy protection and restrictive access policies that prevent accessing personally identifiable information hinder the development of centralized machine learning algorithms in important and sensitive domains like healthcare. However, from early disease detection to discovering new drugs, leveraging artificial intelligence in this domain is a fun-damental necessity. As a potential solution, federated learning has been proposed, allowing data owners (users) to jointly train a shared machine... 

The rapid evolution of artificial intelligence (AI) technologies has led to the widespread adoption of AI systems in diverse research and industrial fields. Deep neural networks, at the forefront of AI's power, demonstrate high performance by leveraging large volumes of training data. However, acquiring such vast amounts of data requires collaboration among individual data owners, who may have concerns about privacy. To address these concerns, various privacy-preserving methodologies have been proposed. These methodologies share a common goal of striking a balance between preserving privacy and maintaining data utility. This study aims to explore and analyze these privacy protection... 

The internet of things is a network of interconnected things (people, electronic devices, mechanical machines, etc.) that are able to transfer data. The applications of internet of things in electronic health (eHealth) are becoming increasingly interested. Deployment of eHealth facilitates the access of users to healthcare services, and improves the quality of the services. Using cloud computing provides the accessibility of healthcare services, and enables a data owner to share his health data with doctors and healthcare service providers. Health data is considered sensitive. So, leakage of any information about it endangers data owner privacy. Attribute-based encryption is a cryptographic... 

One of the applications of Internet of things (IoT) is its usage in the eHealth area. Various types of sensors (e.g., sensor to measure heart health, blood sugar levels, and respiratory) exist that not only provide required information for patients, but also send the health information to hospital staff through the network. Leveraging this technology in various intensive care units of hospital facilitate nurses and medical staff in monitoring of patients. However, moving towards these environments leads to new security challenges. One of the most important challenges is controlling access to sensors’ data and preserving patients privacy so that doctor and nurses should access patients’... 

Cloud computing is a new computing environment where computing infrastructure, platform and software are provided as a service. Rapid growth of cloud environments has increased the importance of security requirements and challenges for both service providers and users in cloud. Two main security issues in software as a service (SaaS) delivery model are access control and privacy preserving in basic web services and also in composite services obtaining through the automatic composition and inference of policies from the ones specified for basic services. In this thesis, we present a privacy preserving access control model and framework for service composition in SaaS delivery model of cloud... 

Cloud computing has a significant role in expanding applications of the Internet of Things (IoT). Currently, applications such as virtual reality and augmented reality require low latency, which is not achievable using traditional cloud computing in some scenarios. Edge computing is a new approach in IoT, which solves some of the limitations of the cloud computing by extending and developing its operations. Reducing response time and network traffic are some of the most important achievements of edge computing. Despite of its numerous advantages over cloud computing, edge computing faces serious challenges such as virtualization, implementation infrastructure, resource allocation and task... 

Recent advances in Machine Learning and specially Deep Learning, have caused a dramatic increase in the use of these algorithms in different applications, such as sickness diagnosis, anomaly detection, malware detection, and etc. Since training deep neural networks requires a high cost in terms of both gathering loads of labeled data and computing and human resources, deep learning models are a part of an organization’s intellectual property and so, the importance of securing these models is increasing. One of the most important types of attacks that compromises the security of deep neural networks is black-box adversarial example attack. In adversarial example attacks, the adversary... 

In this thesis, we argue that in many basic algorithms for machine learning, including support vector machine (SVM) for classification, principal component analysis (PCA) for dimensionality reduction, and regression for dependency estimation, we need the inner products of the data samples, rather than the data samples themselves. Motivated by the above observation, we introduce the problem of private inner product retrieval for distributed machine learning, where we have a system including a database of some files, duplicated across some non-colluding servers. A user intends to retrieve a subset of specific size of the inner products of the data files with minimum communication load, without... 

The security and convenience of digital payment methods have made them an essential part of people's daily lives. As a result, the possibility of using these methods in an offline environment without the need to communicate with the payment service provider is of great importance. To make this possible, a digital currency system should enable users to securely control their assets without the help of an intermediary and act according to established laws to combat financial crimes. Otherwise, this system will not be usable by the public or on a large scale. To solve this problem, a scheme with the possibility of offline payment by customers, prevention and detection of double spending by... 

With the dramatic advancements in information technology and the industry requirements for security and privacy, proof systems play a crucial role in cryptography. Among the vast variety of proof systems, succinct non-interactive arguments (SNARG) seem to be the most appealing class of proof systems, due to their attractive properties. SNARGs are usually made up of two constructive components, namely the information theoretic part and the cryptographic part. The GKR protocol was introduced as a proof system for a tractable family of languages called “log-Space Uniform Circuits”. The log-space uniformity is a necessary condition for the protocol to be succinct. Hence, it is not possible to... 

The applications of Internet of Things technology are increasing day by day. In the Internet of Things, various devices are connected to each other with the help of the Internet and perform various operations automatically. Today, this technology has various applications in smart city, smart home, smart car, as well as military industries and industrial factories. One of the newest applications is its use in the field of health and hygiene, which is known as the Internet of Medical Things or Smart Health. With the emergence of new epidemic diseases, the importance of this application becomes more clear. Smart health helps the patient. without going to the hospital and doctor in person, to... 

With the dramatic advancements in information technology and the industry requirements for security and privacy, proof systems play a crucial role in cryptography. Among the vast variety of proof systems, succinct non-interactive arguments (SNARG) seem to be the most appealing class of proof systems, due to their attractive properties. SNARGs are usually made up of two constructive components, namely the information theoretic part and the cryptographic part. The GKR protocol was introduced as a proof system for a tractable family of languages called “log-Space Uniform Circuits”. The log-space uniformity is a necessary condition for the protocol to be succinct. Hence, it is not possible to... 

With the help of cloud computing, easy and fast access to a wide range of computing resources through the network is provided for a wide range of users. Cloud computing, on the other hand, faces security challenges in protecting users' privacy and access control because the cloud service provider is not a trusted entity, so it is possible to access or disclose sensitive data. Various solutions have been proposed to simultaneously meet the above two security requirements. The most well-known solution in this field is "Attribute-Based Encryption".In this dissertation, after reviewing the existing schemes to respond to the obstacles to implementing attribute-based encryption, an attribute-based... 

Design of anonymous authentication scheme is one of the most important challenges in Vehicular Ad hoc Networks (VANET). Most of the existing schemes have high computational and communication overhead and they do not meet security requirements. Recently, Azees et al. have introduced an Efficient Anonymous Authentication with Conditional Privacy-Preserving (EAAP) scheme for VANET and claimed that it is secure. We show that this protocol is vulnerable against replay attack, impersonation attack and message modification attack. Also, we show that the messages sent by a vehicle are linkable. Therefore, an adversary can easily track the vehicles. In addition, it is shown that vehicles face with... 

The Internet of Things is one of the most common technologies in today's world where its security is an important issue. Lightweight authentication protocols are crucial for privacy preserving in Internet of Things (IoT). IoT authentication protocols must meet security requirements and resist against cryptographic threats. On the other hand, these protocols should be implementable for devices with constrained memory and computational power in this area and should not impose a heavy computational load on such devices. In some IoT devices, such as RFIDs, resource constraints are critical, such that using standard hash functions is not practical. In this applications, security requirements is... 

Coming to the generation of technology, where everything is possible through the Internet contributes a significant proportion to privacy protection. Several Privacy protection technologies have been launched to maintain the confidentiality of user information. Tor, also known as an Onion Router, is indeed the largest global anonymized network technology, including over 7000 distinct domain controller endpoints located all over the globe. Various kinds of wrongdoings are increasing day by day such as terrorism, abuse of the child is increasing using the network. To stop this monitoring plan is needed to develop. To enable this all the hacking mechanisms along with the architecture were... 

Differential privacy provides a powerful definition for protecting data privacy by adding noise. Differential privacy mechanisms add noise to the responses of queries made to a database. Differential privacy challenges the learning of useful information from a dataset without leaking any information about the individuals present in that dataset. However, studies have shown that these mechanisms make assumptions about the data that, if not met, can lead to privacy leaks. One of these assumptions is the lack of correlation between data. If an attacker is aware of the correlation between data, common mechanisms cannot guarantee differential privacy.This thesis proposes a solution for adding... 

The expansion of technology and the increasing use of mobile devices and smartphones have aected various aspects of personal and social life. These include the use of personal mobile devices in enterprise environments called BYODs have a number of positive and negative eects. On the one hand, it would be more cost-eective for an organization or business environment for users to use their own devices, but on the other hand, it poses numerous security and information challenges that are important to manage. These include disrupting the user’s privacy or disseminating organization information to personal devices and thus violating the organization’s security policies. In this study, a model is... 

Development of Smart Grid and deployment of smart meters in large scale has raised a lot of concerns regarding customers’ privacy. Consequently, several schemes have been proposed to overcome the above mentioned issue. These schemes mainly rely on data aggregation as a method of protecting users’ privacy from the grid operators. However, the main problem with most of these schemes is the fact that they require a large amount of processing power at the meter side. This, together with the fact that smart meters don’t usually have a powerful processor, can cause the unavailability of smart meter data at the required time for operators of the grid, and at the same time disables smart meters from...